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REMARKS 

Claims 1, 12 and 21 have been amended as indicated above. Claims 1, 4- 
12, 16-21 and 24-28 remain in the application for consideration. In view of the 
following remarks, Applicant respectfully requests that the application be 
forwarded on to issuance. 

Examiner Interview 

Applicant respectfully thanks the Examiner for the time spent on the 
telephone on March 6, 2007 discussing the disposition of this case with 
Applicant's representative. During the telephone communication. Applicant and 
the Examiner discussed the cited art, and particularly the reference to Scott. 
During the discussion, Applicant pointed out to the Examiner that Scott does not 
first apply a global screen and then, subsequently apply an individual screen. The 
Examiner appeared to be in agreement with this temporal aspect of Scott and 
agreed to reconsider the claims if amended to recite the temporality of the 
screening. 

Examiner Williams agreed to call the undersigned representative before 
issuing a subsequent Office Action. 

Specification Objection 

The Specification has been objected to as not providing an antecedent basis 
for material that was previously added by amendment. While Applicant disagrees 
with the Office and specifically pointed to sections of the Specification that 
support the added amendment, this language has been canceled from the claims 
due in large part to the amendments that are presently made. 
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§112 Rejections 

Claims 1-4-12, 16-21 and 24-28 stand rejected under 35 U.S.C. §112, first 
paragraph as failing to comply with the written description requirement. This 
rejection also flows from language that was previously added, which is now 
removed. Again, Applicant's removal of the previously amended subject matter is 
not to be seen as an admission as to the propriety of the Office's rejection. Rather, 
such material has been removed in view of the amendments that are presently 
made. That is, given the Office's interpretation of Scott and the clarification that 
has been made in the claims, the previously-added subject matter is not necessary 
to defined over Scott. 

§101 Rejections 

Claims 21 and 24-28 stand rejected under 35 U.S.C. §101 as being directed 
to non-statutory subject matter. Specifically, the Office argues that the claims, as 
written, can pertain to carrier waves. Applicant has amended claim 21 to recite 
that the computer readable media is a "computer readable storage media". 
Support for this amendment can be found on page 17, lines 8-16 of the 
Specification. 

§ 103 Rejections 

Claims 1, 4-12, 16-21 and 24-28 are rejected under 35 U.S.C. § 103(a) as 
being obvious over David Scott and Richard Sharp, Abstracting Application-Level 
Web Security , May 7-11, 2002 (hereinafter, "Scotf ) in view of Wheeler, Secure 
Programming for Linux and Unix HO WTO . 
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Claim 1 (as amended) recites a method, comprising: 



• receiving data input through a web page from a client device; 

• referencing a declarative module to determine a client input security 
screen to apply to the data input from the client device, wherein the 
declarative module comprises: 

• a global section that includes at least one client input security screen 
that applies to any type of client input value; and 

• an individual values section that includes at least one client input 
security screen that applies to a particular type of client input value; and 

• applying multiple client input security screens to the data input from the 
client device, including at least one client input security screen from the 
global section of the declarative module and at least one client input 
security screen from the individual values section of the declarative 
module, wherein the client input security screens are distinct from one 
another, and wherein said act of referencing comprises first using the 
global section to screen one or more client input values and then 
using the individual values section to screen at least one of said one or 
more client input values. 



This claim has been amended to recite that the act of referencing first uses 
the global section to screen one or more client input values and then uses the 
individual values section to screen at least one of the one or more client input 
values. Support for this subject matter can be found, among other places, on page 
9, line 6 through page 10, line 20. 

As discussed during the interview, Scott does not first use a global section 
to screen input values and then use an individual values section to screen at least 
one of the client input values. In point of fact, Scott would appear to teach directly 
away from any such notion. Specifically, the Office has characterized Scott's 
transformations as a "global section" and its validation constraints as an 
"individual value section". Yet, Scott instructs in section 3.4 entitled "The 
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Security Gateway" that the validation constraints are first employed (i.e. what the 
Office considers as the "individual value section") and then the transformations 
are employed (i.e. what the Office considers as the "global section"). 

Accordingly, for all of these reasons, this claim is allowable. 

Claims 4-11 are allowable at least by virtue of their dependence from an 
allowable base claim. 

Claim 12 (as amended) recites a system, comprising: 



• a web page server unit configured to provide one or more web 
pages to one or more client devices over a distributed 
network; 

• means for receiving client input data; 

• a declarative module configured to include multiple client 
input security screens that declare screening rules for client 
input, wherein the declarative module comprises: 

• a global section that includes one or more client input security 
screens that are applied to all types of client input; and 

• an individual values section that includes one or more client 
input security screens that are applied to specified types of 
client input; and 

• a client input security screening unit configured to apply the 
screening rules for client input to the client input data and to 
perform one or more actions on invalid client input data, 
wherein the screening rules are from distinct client input 
security screens from the global section and the individual 
values section, and wherein the client input security 
screening unit is configured to first use the global section to 
screen one or more client input values and then use the 
individual values section to screen at least one of said one or 
more client input values. 



This claim has been amended to recite that the client input security 
screening unit is configured to first use the global section to screen one or more 
client input values and then use the individual values section to screen at least one 
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of said one or more client input values. For all of the reasons set forth above with 
regard to the allowability of claim 1, this claim is allowable. 

Claims 16-20 are allowable at least by virtue of their dependence from an 
allowable base claim, as well as for their own respectively patentable subject 
matter. 

Claim 21 (as amended) recites one or more computer-readable storage 
media containing computer-executable instructions that, when executed on a 
computer, perform the following steps: 



• serving a web page to a client over a distributed network; 

• receiving client input via the web page; 

• comparing the client input with multiple and distinct client input 
security screens stored in a security declarative module, wherein the 
security declarative module includes a global section configured to 
screen all types of client input values and an individual values section 
configured to screen particular types of client input values, wherein the 
global section is used to first screen one or more client input values 
and then the individual values section is used to screen at least one of 
the one or more client input values', 

• if invalid client input is detected, performing a screening action on the 
invalid client input as indicated by the security declarative module; and 

• wherein the client input security screens included in the security 
declarative module can be applied to multiple web pages. 



This claim has been amended to recite that the global section is used to first 
screen one or more client input values and then the individual values section is 
used to screen at least one of the one or more client input values. For all of the 
reasons set forth above with regard to the allowability of claim 1, this claim is 
allowable. 

Claims 24-28 are allowable at least by virtue of their dependence from an 



13 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 



allowable base claim, as well as for their own respectively patentable subject 
matter. 

Conclusion 

The pending claims are in condition for allowance and action to that end is 
respectfully requested. Should any issue remain that prevents allowance of the 
application, the Office is encouraged to contact the undersigned prior or issuance 
of a subsequent Office action. 

Respectfully submitted. 

Dated: 3/15/2007 By: /Lance R. Sadler/ 

Lance R. Sadler 
Reg. No. 38,605 
(509) 755-7251 
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